How do you view MASQUERADE rulesets and connections?
Josiah DeWitt
jdewitt@vendaria.com
Fri, 3 Aug 2001 09:30:52 -0700
I have successfully installed the latest version of the netfilter tools, the
2.4.6 kernel, inserted the modules, and set up a filtering script ported from
my old ipchains rules. Everything works similarly well, but now I'm not
able to view outbound masqueraded connections like I used to using 'netstat
-M' or 'ipchains -M', and this functionality is seemingly not in iptables.
Does anyone know how to obtain the running information?
More importantly, while troubleshooting a live box it is helpful to see the
running rulesets, hence 'iptables -L'. This is great, but where are the 'nat'
rules? They are there, because it is working (invisibly). Is this right?
Can I see them somehow? I even RTFM!
Any input would be appreciated.
example:
#/sbin/iptables -A PREROUTING -t nat -p tcp -d 216.136.129.11 --dport 25 -j DNAT --to 192.168.1.1:25
#iptables -L
does not list this 'nat' table entry, but the rule works.
#netstat -M
netstat: no support for `ip_masquerade' on this system.
WHAT!!
#lsmod
Module                  Size  Used by
ip_nat_ftp              4256   0 (unused)
ip_conntrack_ftp        4304   0 [ip_nat_ftp]
ipt_LOG                 3760   3 (autoclean)
ipt_MASQUERADE          2288   3 (autoclean)
iptable_filter          2048   0 (autoclean) (unused)
iptable_nat            23760   1 [ip_nat_ftp ipt_MASQUERADE]
ip_conntrack           25056   2 [ip_nat_ftp ip_conntrack_ftp ipt_MASQUERADE iptable_nat]
ip_tables              14240   6 [ipt_LOG ipt_MASQUERADE iptable_filter iptable_nat]
autofs                 11456   1 (autoclean)
3c59x                  26432   4 (autoclean)
i810_audio             15104   0
unix                   17280   9 (autoclean)
__ _~o> ____________
_ _()==()_ _ _ _ _ _
__________-josiah_